bump netty to 4.1.118.Final

this resolves CVE-2025-24970. Signed-off-by: Ralph Ursprung <Ralph.Ursprung@avaloq.com>
opensearch-project · Feb 11, 2025 · 777116c · 777116c
1 parent 302a3fd
commit 777116c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -82,6 +82,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Bump `com.google.code.gson:gson` from 2.11.0 to 2.12.1 ([#17229](https://github.com/opensearch-project/OpenSearch/pull/17229))
 - Bump `org.jruby.joni:joni` from 2.2.1 to 2.2.3 ([#17136](https://github.com/opensearch-project/OpenSearch/pull/17136))
 - Bump `org.apache.ant:ant` from 1.10.14 to 1.10.15 ([#17288](https://github.com/opensearch-project/OpenSearch/pull/17288))
+- Bump netty from 4.1.117.Final to 4.1.118.Final ([#](https://github.com/opensearch-project/OpenSearch/pull/))
 
 ### Changed
 - Indexed IP field supports `terms_query` with more than 1025 IP masks [#16391](https://github.com/opensearch-project/OpenSearch/pull/16391)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -32,7 +32,7 @@ grpc              = "1.68.2"
 # when updating the JNA version, also update the version in buildSrc/build.gradle
 jna               = "5.13.0"
 
-netty             = "4.1.117.Final"
+netty             = "4.1.118.Final"
 joda              = "2.12.7"
 roaringbitmap     = "1.3.0"